Akhila Sinha <akhila @
cc .
iitd .
ernet .
in> sketched a proposed
intranet/extranet architecture:
>We are looking at firewall solutions to connect a 2MB link to about 2500
>users.... <snip>
> full tcp inward from selected machines outside
> Internet web, Intranet Web.... <snip>
> The News and Internet Web servers should not be on the secure side
> (What are other problems beside errant CGI programs ?)
Inside and out, you likely need strong user authentication (X509
certs and smartcards, or two-factor authenticators: hand-held tokens or
software token-emulators) & (at least) external crypto (PKI or VPNs.)
Suerte,
_Vin
"Cryptography is like literacy in the Dark Ages. Infinitely potent, for
good and ill... yet basically an intellectual construct, an idea, which by
its nature will resist efforts to restrict it to bureaucrats and others who
deem only themselves worthy of such Privilege."
_ A thinking man's Creed for Crypto/ vbm.
* Vin McLellan + The Privacy Guild + <vin @
shore .
net> *
53 Nichols St., Chelsea, MA 02150 USA <617> 884-5548
References:
|
|
